how to pwn a billion dollar vc firm using inspect element

“New CSAIL research highlights how LLMs excel in familiar scenarios but struggle in novel ones, questioning their true reasoning abilities versus reliance on memorization”

Reasoning skills of large language models are often overestimated | MIT News | Massachusetts Institute of Technology

"If you couldn’t have a utopia in the real world, then dammit you’d have one in your obscure codebase! It shall have clean logic untarnished by dirty, filthy hobbitses error-checking."

You probably wrote half a monad by accident – Andy G's Blog

eventually, shared mutable state will ruin your day

After extensive research, testing, and trial and error, here are my recommended settings for Django web apps using SQLite as the primary database. I anticipate these settings will evolve over time, and I will update them accordingly. My goal is to have these settings ready to copy and paste into every new Django project, ensuring they are the most current and optimal for most web apps.

Optimal SQLite settings for Django – Giovanni Collazo

new old optiplex server


Now every room in the house has a CAT6 cable and AP 🤓


Security Bsides badge


🌳 🌸




Launched a tiny side project today

Don't be afraid of hosting your own database. Managed DB services want you to think it's too hard. For a lot of apps it's easy to get it right.

Notepad, HTML Assistant Pro, BBEdit, Dreamweaver, Textmate, Sublime Text, Vim, Atom, Visual Studio Code, PyCharm, GoLand


Most apps/organizations are not secure, they are just “not targeted by a sufficiently motivated/skilled attacker”

this is good 👍

How I write HTTP services in Go after 13 years | Grafana Labs

htmx enables me to undo the frontend/backend split that react-like apps sold us as a positive feature of that architecture.

In my experience that split translated to more time/cost with very little benefit. You will still need to build a bespoke API endpoint for every screen if you care about perf. The split requires more coordination and lockstep motion.

😎 🏴‍☠️

I’ve looked into many of the most showcased/popular react/next.js apps out there and a lot of what they do is fetch some JSON and generate some static/non-interactive DOM. Yet they pay the full price of a client side framework and related tooling.

These apps will be radically simplified if they shipped HTML directly from the server and swapped just parts of the UI as needed.

Do you really need all that client code to do that?

Really enjoying PyCharm. Once I learned 5 or 6 keyboard shortcuts I feel much more productive than using VSCode.

  • shift shift - search
  • ⌘ shift a - actions
  • ⌘ e - recent files
  • ⌘ b - go to def
  • ⌘ [ - back
  • ctrl g - select another
  • alt ⬆️ - select containing scope

favorite desk


Too good

I’m almost convinced that adding dependencies into source control is the better way of doing things

TIL that if you add .atom to a GitHub releases page it will return a RSS/Atom feed that you can follow with your reader and get notified of new releases

For example:

Start learning Web custom element API TODAY, it’s a great investment.

I use them to attach interactive behavior to existing DOM nodes. Starting to build a collection of very portable and reusable “components” that are very unlikely to stop working whenever a framework author feels like it

Thinking about how to implement web mentions in Beluga.

We would need a server to receive mentions on behalf of Beluga users and then deliver them when they are back online. Something like


Exposed RSS – Chris Coyier

I need a good tutorial for git-send-email

The next version of HTML should look at htmx for inspiration. We need access to all HTTP verbs from and a way to replace just part of the page.

Plain text

To me this sounds like hexagonal / ports and adapters architecture with a better name and a 100x better diagram.

The DDD Hamburger for Go. The DDD Hamburger is my favorite… | by Jan Stamer | Jan, 2024 | Medium

Super Grover fixes the computer

This is where it's at

My main browser is Safari, I use Brave for video conferencing with Google Meet and Firefox for web development.


Notes #12

Notes #12 – Giovanni Collazo

Just published Beluga 🐳 version 2023.3 to the AppStore. This is a small update that fixes a few issues with the generated web site.

Download here

‎Beluga Social on the App Store

Toxic: 3M knew its chemicals were harmful decades ago, but didn’t tell the public, government - Minnesota Reformer

I can’t find a logging solution that works for me.


  • Capture logs from multiple hosts
  • Docker logs
  • Host /var/logs files
  • Generate basic metrics from logs
  • Generate alerts from metrics
  • Easy to deploy on a single host

Why YAML? Can we use something else? Please 🙏

This is great. Interactive guide to CSS Grid

An Interactive Guide to CSS Grid

Taking HTML+CSS seriously and investing the time to really learn them will give you an unfair advantage over most web engineers

Great web #a11y tip

Don't disable buttons | Go Make Things

Notes #11

Notes #11 – Giovanni Collazo

Development tools like code formatters, linters and similar must not clutter or interfere with my project's dependencies. These tools should be distributed as single-file binaries.

Python needs ONE solution for linting, code formatting, package management. Right now it's just a mess.

Picking a technology to learn so you can get a job is NOT a technical decision. Just pick the technology with the most job listings, end of story. 🤓

Web technologies have been moving faster for a while now but people have not noticed it. A lot of the web toolkit is becoming unnecessary.

For example CSS has variables, nested selectors and functions like calc, max and repeat all built-in.

Use the platform.

I would never do such a thing 🥸

Avoid Load-bearing Shell Scripts | Ben Congdon



Closing shop for the day ✌️

Weeknotes #10

Weeknotes #10 – Giovanni Collazo

Weeknotes #9

Weeknotes #9 – Giovanni Collazo

Weeknotes #8

Weeknotes #8 – Giovanni Collazo



Weeknotes #7

Weeknotes #7 – Giovanni Collazo

“The future is already here — it's just not very evenly distributed.”

- William Gibson



Weeknotes #6

Weeknotes #6 – Giovanni Collazo


Mac SE Easter Egg

Trammell Hudson's Projects


Weeknotes #5

Weeknotes #5 – Giovanni Collazo

Bug bounty programs have emerged as a crucial cybersecurity measure, allowing organizations to harness the skills of the security community in identifying and resolving vulnerabilities before malicious actors can exploit them.

Running a Bug Bounty Program Without Spending a Fortune – Giovanni Collazo

Unpopular opinion: Many (most?) web apps could run on a single cheap VM, but a lot of developers are convinced that anything that's not pressing the TAB key to Copilot suggestions is too hard and not worth it.

Weeknotes #4

Weeknotes #4 – Giovanni Collazo

If your SPA is just taking JSON and adding some HTML to display on the browser and you don’t have a highly interactive and stateful UI you are wasting your complexity budget

Weeknotes #3

Weeknotes #3 – Giovanni Collazo



Sao Paulo: The City With No Outdoor Advertisements


Weeknotes #2 – Giovanni Collazo

I’m trying to post more regularly so I stole this weeknotes idea from Simon Willison’s Weblog. The plan is to share articles, videos, books and things I learn. Here’s the first one.

Weeknotes #1 – Giovanni Collazo

Unpopular opinion: AWS CloudWatch Logs is better than most other logs and metrics solutions out there

There are plenty of ideas and good intentions; what is missing is effective execution, accountability, and consequences when someone fails.

Here any nobody runs an agency and no one demands anything of them beyond visiting Rubén Sánchez once in a while and not coming across as an idiot.

The problem is not a lack of imagination or malice (in many cases); the problem is incompetence.

"Never attribute to malice that which is adequately explained by stupidity"


🤓The browser tab was a great invention



No lies detected


How much of winning a war is just logistics?

TIL where Debian code names come from: "So far they have been characters taken from the Toy Story movies by Pixar"


Not understanding the difference between logging, metrics and traces allows me to do all using structured logs and search. It works!

Self-hosting PostgreSQL is possible

TIL that @digitalocean Spaces have support for lifecycle configuration. So my backups bucket now takes care of purging old stuff

How to Set an Expiration Policy on DigitalOcean Spaces Buckets

Boring tech is my favorite tech



Writing Python like it's Rust

Favorite Tiny Desk Concerts

Favorite Tiny Desk Concerts – Giovanni Collazo



Django's internationalization and localization features are great but if you add Poedit to your workflow it's hard not to justify having multi-language support in your apps.

Poedit Translation Editor — Poedit

Good morning!


Django class-based views are harder to use than function-based views. With CBVs, one must constantly reference the docs to understand the order of method calls, their args, and return types. On the other hand, FBVs get a req and return a res, plain and simple.

Another incredible product


🏝️ 😎 🏝️


All HTMX does, is make the browser better at hypermedia by giving us more options regarding what can trigger an HTTP request and allowing us to update a part of the page rather than a full page reload.


Page not found - Prime Video Tech

You don’t need serverless functions at the edge

Just write a state machine and call it a day

Inside the secret list of websites that make AI like ChatGPT sound smart

See the websites that make AI bots like ChatGPT sound so smart - Washington Post



web dev can be very simple and very powerful

🏴‍☠️ Not paying a ransom in a double extortion scheme is not always the best option.

If we want the Web to stay relevant we must put huge emphasis on accessibility, usability and design.

YES superficial artsy-fartsy design too. How things look and feel is part of the experience and the Web must be as good or better than proprietary platforms like Android and iOS

Sometimes the solution is to create a private CA 😶🔫

Running servers with quality software isn’t as scary as someone wants you to think.

Choose boring tools – Eduards Sizovs

Git Worktree: Enhance your Git Workflow


Multiple sources of truthiness™

For the past few months, I've mostly been coding by myself. One thing that has helped a lot is that I stopped using GitHub issues and instead create TODO/FIXME comments in the code.

I use a VSCODE extension called Todo Tree to index the comments. For Xcode projects, I found a tiny script that finds the comments and creates a warning when the build runs.





If you owned the hardware your software is running on you would never consider serverless functions as the architecture



TIL: Go (like JavaScript) does automatic semicolon insertion

It’s Alive!!!


Selling MVP quality software is 100x easier than selling highly polished software that only exists on a slide deck. Sadly, if you want to sell a product, you have to build it. You could also fake it but IMHO it’s almost always a waste of time.

Just updated my "uses" page

Uses – Giovanni Collazo

True story


Public service, if your Apple TV remote stops controlling the TV volume just restart the remote. YES the remote



I like vim for simple and quick file editing but prefer vscode for web dev.

I get people that have a vim/neovim setup that has evolved over years to fit their needs. I envy experienced vim users and how fast they move.

I don’t get people just getting started with vim trying to recreate vscode by installing lots of plugins and spending a lot of time configuring stuff. Most of these people would be better served by enabling vim mode on a more preconfigured editor.



Dumb Password Rules

Agree. At this point in my career focusing on a single thing feels too limiting and boring TBH

Inspiration is perishable

True Story


“ChatGPT Is a Blurry JPEG of the Web”

If you are building software for a business whose main language is not English, it's fine (and I recommend) to use the names the business uses, in whatever language that is #unpopularopinion

✉️ Email signatures. Please stop! 🛑

Having Touch ID on the external keyboard is a tiny quality of life improvement that I really enjoy


After years of building SPAs, getting back to the web framework approach to making web apps feels like cheating

🌮 Monday? 🍺

Trolls World Tour is crazy!


📸 🌙


Been writing quite a lot of Python 🐍 lately. Like it!


People using React actually look at Facebook and see excellent front end development?

Trying to use the built-in terminal in iOS instead of iTerm 😵‍💫

Lambda Cold Starts analysis. Visualize 10 Cold Starts for each runtime, updated daily



Every time I have to set up git on a new machine there's a new login method 😵‍💫

Good security engineering has little to do with compliance ✨

Hey YouTubers please remove the mic from the frame or even better use a lavalier 🧘‍♂️

New website for my consulting business

Custom software & digital marketing

The React ecosystem is great if what you sell is online courses and YouTube video views

Switched to using Firefox full time and the experience has been great. Some sites perform better than with Safari for Mac.

Don’t want to write boilerplate? Use a framework. Don’t want to use a framework? Write boilerplate. 👻

Great artists need to know a thing or two about marketing their work


Using ChatGPT to generate the talking points for the party mouthpieces (fotutos)

Getting three kids to school every day and on time is a battle 😥

Just realized that I can add Beluga 🐳 support to a lot of shared hosting providers by creating a simple PHP script to list, upload and delete files. The script must also authenticate the user and restrict file operations to the correct folder. IT’S DOABLE!



☠️ OUCH! “malicious individual who knew a target node’s database ID could generate and accept a sharing invite for that node without being an admin of the target node’s tailnet”

Security Bulletins · Tailscale

Great post. I need to read it again


Bought a new laptop


This is an insane AWS bill



🤔 In software going wide (superficial features) is better for sales than going deep (complex domain specific features). Good software is a mix of both, great software finds the perfect balance.

The Fake Cisco


My touchbar now flashes 📸 a bright white light for a few minutes every time I wake up my laptop


Our art gallery


Password notebooks are a good idea for most non-technical users. There are only a few things to keep in mind to stay secure. The notebook never leaves the house, keep it in a safe place and use a different passphrase for every app or site.


I’ve been doing some Django web app development these days and I have to say it again. Django is great! 🔥

I missed Django for Web development. It’s really good.

This is crazy

Wireframes are my favorite kind of spec for MVP software 👨‍💻

The Rivian R1S looks like the Simpsons' Canyonero 🚗

Some folks have asked how will Beluga 🐳 handle a user with thousands of posts.

The short answer is that the beluga.json feed can be truncated after a fixed number of posts. The JSON Feed spec includes a next_url field to handle pagination. I will implement this on the app very soon.

I like this

This week I will release a new version of Beluga fixing some of the reported issues with Backblaze

✈️ Going home ☀️





❄️ Posting from my vacation just to test the experience with horrible connectivity ⛄️

First post from the cloud ✈️

Make th web weird agan

Building a website like it's 1999... in 2022 - localghost

Getting ready ⛄️ ❄️ for the family winter vacation

This is good

Things to argue about over the holidays instead of politics


Notice of Recent Security Incident - The LastPass Blog

The feedback from yesterday’s launch was great thank you all 🐳

My response to the large feed problem

Currently on the #1 spot on Lobsters

Beluga 🐳 got to the #12 spot on Product Hunt

Just published the website

Beluga - A Space For Your Short Posts

Beluga 🐳 will launch tomorrow on Product Hunt

I think I might be able to add partial Mastodon 🐘 support to Beluga 🐳

“code isn’t really written so much as beaten it into shape and then refactored”


Take note

Never Use Text Pixelation To Redact Sensitive Information | Bishop Fox

🔥 Very productive day. Designed a website before lunch, worked on some documents for Beluga 🐳 and debugged an issue on an old web app ✨

Development of the Beluga 🐳 website is getting started. Looks like I’m launching the app at some point next week.

NIST Retires SHA-1 Cryptographic Algorithm | NIST

GitHub broke the back button

How to rebuild social media on top of RSS

Today I spent all day working on the web site design of

Last night I received this phishing attempt via SMS designed for FirstBank customers


Playing with ActivityPub -



Now we wait


Beluga uses the JSONFeed format to maximize its compatibility. Many RSS readers can read this format.

In today's Beluga update I fixed some issues in the generated website and also resolved a problem with the link previews that made them appear in the feed (beluga.json)



I would try this

Apple introduces Apple Music Sing - Apple

Reading text from a web page in Swift is possible but not that obvious


The best thing about this break from work I'm taking is that I barely get any emails 🥳

iOS has a huge number of APIs that work exceptionally well


Hello, World!